/*    */ package com.zimbra.cs.account.ldap.upgrade;
/*    */ 
/*    */ import com.zimbra.common.service.ServiceException;
/*    */ import com.zimbra.cs.account.Entry;
/*    */ import com.zimbra.cs.account.ldap.LdapProv;
/*    */ import com.zimbra.cs.ldap.LdapClient;
/*    */ import com.zimbra.cs.ldap.LdapServerType;
/*    */ import com.zimbra.cs.ldap.LdapUsage;
/*    */ import com.zimbra.cs.ldap.ZLdapContext;
/*    */ import java.util.HashMap;
/*    */ import java.util.Map;
/*    */ 
/*    */ 
/*    */ 
/*    */ 
/*    */ 
/*    */ 
/*    */ 
/*    */ 
/*    */ 
/*    */ 
/*    */ 
/*    */ 
/*    */ 
/*    */ 
/*    */ 
/*    */ 
/*    */ public class BUG_85224
/*    */   extends UpgradeOp
/*    */ {
/*    */   private static final String ATTR_NAME = "zimbraReverseProxySSLCiphers";
/*    */   private static final String OLD_VALUE = "RC4:HIGH:!aNULL:!MD5:!kEDH:!AD:!SSLv2";
/*    */   private static final String NEW_VALUE = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK";
/*    */   
/*    */   void doUpgrade()
/*    */     throws ServiceException
/*    */   {
/* 38 */     ZLdapContext zlc = LdapClient.getContext(LdapServerType.MASTER, LdapUsage.UPGRADE);
/*    */     try {
/* 40 */       doGlobalConfig(zlc);
/*    */     } finally {
/* 42 */       LdapClient.closeContext(zlc);
/*    */     }
/*    */   }
/*    */   
/*    */   private void doGlobalConfig(ZLdapContext zlc) throws ServiceException {
/* 47 */     doEntry(zlc, this.prov.getConfig());
/*    */   }
/*    */   
/*    */   private void doEntry(ZLdapContext zlc, Entry entry) throws ServiceException {
/* 51 */     String entryName = entry.getLabel();
/*    */     
/* 53 */     this.printer.println();
/* 54 */     this.printer.println("------------------------------");
/* 55 */     this.printer.println("Checking zimbraReverseProxySSLCiphers on " + entryName);
/*    */     
/* 57 */     String curValue = entry.getAttr("zimbraReverseProxySSLCiphers", "RC4:HIGH:!aNULL:!MD5:!kEDH:!AD:!SSLv2");
/* 58 */     if ("RC4:HIGH:!aNULL:!MD5:!kEDH:!AD:!SSLv2".equals(curValue)) {
/* 59 */       Map<String, Object> attrs = new HashMap();
/* 60 */       this.printer.println("Changing zimbraReverseProxySSLCiphers on " + entryName + " from " + "RC4:HIGH:!aNULL:!MD5:!kEDH:!AD:!SSLv2" + " to " + "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK");
/* 61 */       attrs.put("zimbraReverseProxySSLCiphers", "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK");
/* 62 */       modifyAttrs(entry, attrs);
/*    */     } else {
/* 64 */       this.printer.println("Current value of zimbraReverseProxySSLCiphers on " + entryName + " is " + curValue + " - not changed");
/*    */     }
/*    */   }
/*    */ }


/* Location:              /home/mint/zimbrastore.jar!/com/zimbra/cs/account/ldap/upgrade/BUG_85224.class
 * Java compiler version: 7 (51.0)
 * JD-Core Version:       0.7.1
 */